)]}'
{"glance/registry/api/v1/images.py":[{"author":{"_account_id":5441,"name":"Andrew Laski","email":"andrew@lascii.com","username":"alaski"},"change_message_id":"e0b4eaf67f446acbb46eff81437e134e8c838ec5","unresolved":false,"context_lines":[{"line_number":71,"context_line":"            return self.db_api.image_get_all(context, filters\u003dfilters,"},{"line_number":72,"context_line":"                                             **params)"},{"line_number":73,"context_line":"        except (exception.NotFound, exception.Forbidden) as e:"},{"line_number":74,"context_line":"            msg \u003d _(\"Invalid marker. Image could not be found.\")"},{"line_number":75,"context_line":"            raise exc.HTTPBadRequest(explanation\u003dmsg)"},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"    def index(self, req):"}],"source_content_type":"text/x-python","patch_set":2,"id":"AAAAOn%2F%2FaNs%3D","line":74,"updated":"2013-05-10 15:01:32.000000000","message":"This msg is no longer correct, the image may have been found.  Maybe expand it to \"Image could not be found or you are not allowed to use it\", or just keep it as \"Invalid marker\".","commit_id":"6ea517fbb4681867bfbb5f9c55cae114e0e19c5c"},{"author":{"_account_id":455,"name":"Stuart McLaren","email":"stuart.mclaren@hpe.com","username":"stuart-mclaren"},"change_message_id":"b22492ea36a659813f8ca49c38104ce96e67ebc7","unresolved":false,"context_lines":[{"line_number":71,"context_line":"            return self.db_api.image_get_all(context, filters\u003dfilters,"},{"line_number":72,"context_line":"                                             **params)"},{"line_number":73,"context_line":"        except (exception.NotFound, exception.Forbidden) as e:"},{"line_number":74,"context_line":"            msg \u003d _(\"Invalid marker. Image could not be found.\")"},{"line_number":75,"context_line":"            raise exc.HTTPBadRequest(explanation\u003dmsg)"},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"    def index(self, req):"}],"source_content_type":"text/x-python","patch_set":2,"id":"AAAAOn%2F%2FX4c%3D","line":74,"in_reply_to":"AAAAOn%2F%2FX44%3D","updated":"2013-05-13 08:56:18.000000000","message":"Note that it would probably be more appropriate to return a 404 here, but we return 400 for backwards compatibility.","commit_id":"6ea517fbb4681867bfbb5f9c55cae114e0e19c5c"},{"author":{"_account_id":5441,"name":"Andrew Laski","email":"andrew@lascii.com","username":"alaski"},"change_message_id":"a8c5080a7ab91437d0c2d850735c655f7635ea1c","unresolved":false,"context_lines":[{"line_number":71,"context_line":"            return self.db_api.image_get_all(context, filters\u003dfilters,"},{"line_number":72,"context_line":"                                             **params)"},{"line_number":73,"context_line":"        except (exception.NotFound, exception.Forbidden) as e:"},{"line_number":74,"context_line":"            msg \u003d _(\"Invalid marker. Image could not be found.\")"},{"line_number":75,"context_line":"            raise exc.HTTPBadRequest(explanation\u003dmsg)"},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"    def index(self, req):"}],"source_content_type":"text/x-python","patch_set":2,"id":"AAAAOn%2F%2FXkg%3D","line":74,"in_reply_to":"AAAAOn%2F%2FX4c%3D","updated":"2013-05-13 13:11:27.000000000","message":"I agree about 404, and almost mentioned that.  But I wasn\u0027t sure how response code behaviour may differ when the issue is with a query string.\n\nYou make a fair point regarding information leakage.  Theoretically even with that small data leakage there\u0027s not an increased risk of an attack, but it seems fair to just treat it as nonexistent.  I suppose my concern is really around debugging this when it\u0027s raised.  It would probably be helpful to log something so the deployer can differentiate between NotFound and Forbidden.","commit_id":"6ea517fbb4681867bfbb5f9c55cae114e0e19c5c"},{"author":{"_account_id":5441,"name":"Andrew Laski","email":"andrew@lascii.com","username":"alaski"},"change_message_id":"fe708b825d12f4551118939ff4fba187e266b3d4","unresolved":false,"context_lines":[{"line_number":71,"context_line":"            return self.db_api.image_get_all(context, filters\u003dfilters,"},{"line_number":72,"context_line":"                                             **params)"},{"line_number":73,"context_line":"        except (exception.NotFound, exception.Forbidden) as e:"},{"line_number":74,"context_line":"            msg \u003d _(\"Invalid marker. Image could not be found.\")"},{"line_number":75,"context_line":"            raise exc.HTTPBadRequest(explanation\u003dmsg)"},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"    def index(self, req):"}],"source_content_type":"text/x-python","patch_set":2,"id":"AAAAOn%2F%2FXfY%3D","line":74,"in_reply_to":"AAAAOn%2F%2FXiA%3D","updated":"2013-05-13 14:09:36.000000000","message":"Makes sense to me, and addresses my concern.","commit_id":"6ea517fbb4681867bfbb5f9c55cae114e0e19c5c"},{"author":{"_account_id":455,"name":"Stuart McLaren","email":"stuart.mclaren@hpe.com","username":"stuart-mclaren"},"change_message_id":"438abab3f303a7af1337edf5f676fcaa265470d3","unresolved":false,"context_lines":[{"line_number":71,"context_line":"            return self.db_api.image_get_all(context, filters\u003dfilters,"},{"line_number":72,"context_line":"                                             **params)"},{"line_number":73,"context_line":"        except (exception.NotFound, exception.Forbidden) as e:"},{"line_number":74,"context_line":"            msg \u003d _(\"Invalid marker. Image could not be found.\")"},{"line_number":75,"context_line":"            raise exc.HTTPBadRequest(explanation\u003dmsg)"},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"    def index(self, req):"}],"source_content_type":"text/x-python","patch_set":2,"id":"AAAAOn%2F%2FXiA%3D","line":74,"in_reply_to":"AAAAOn%2F%2FXkg%3D","updated":"2013-05-13 13:33:27.000000000","message":"We could add two debug statements in db/sqlalchemy/api.py:_image_get ():\n\n    except sa_orm.exc.NoResultFound:\n        *extra debug here*\n        raise exception.NotFound(\"No image found with ID %s\" % image_id)\n\n    # Make sure they can look at it\n    if not is_image_visible(context, image):\n        *extra debug here*\n        raise exception.Forbidden(\"Image not visible to you\")\n\nwhat do you think?","commit_id":"6ea517fbb4681867bfbb5f9c55cae114e0e19c5c"},{"author":{"_account_id":455,"name":"Stuart McLaren","email":"stuart.mclaren@hpe.com","username":"stuart-mclaren"},"change_message_id":"300564a397a6d3cd9908b3a138babc17bebf2002","unresolved":false,"context_lines":[{"line_number":71,"context_line":"            return self.db_api.image_get_all(context, filters\u003dfilters,"},{"line_number":72,"context_line":"                                             **params)"},{"line_number":73,"context_line":"        except (exception.NotFound, exception.Forbidden) as e:"},{"line_number":74,"context_line":"            msg \u003d _(\"Invalid marker. Image could not be found.\")"},{"line_number":75,"context_line":"            raise exc.HTTPBadRequest(explanation\u003dmsg)"},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"    def index(self, req):"}],"source_content_type":"text/x-python","patch_set":2,"id":"AAAAOn%2F%2FX44%3D","line":74,"in_reply_to":"AAAAOn%2F%2FaNs%3D","updated":"2013-05-13 08:54:04.000000000","message":"Hi Andrew, thanks for your feedback. In this case I don\u0027t think we want the user to know that an image which they don\u0027t have access to exists: its a (very small) leakage of information from a security point of view. I think this is fairly standard, ie you will see the same behaviour in other calls.","commit_id":"6ea517fbb4681867bfbb5f9c55cae114e0e19c5c"}]}